Vulnerability Description
Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Osgeo | Mapserver | 4.2.0 |
| Umn | Mapserver | 4.0 |
Related Weaknesses (CWE)
References
- http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.htmlPatch
- http://secunia.com/advisories/34520
- http://secunia.com/advisories/34603
- http://trac.osgeo.org/mapserver/ticket/2942Vendor Advisory
- http://www.debian.org/security/2009/dsa-1914
- http://www.positronsecurity.com/advisories/2009-000.htmlExploit
- http://www.securityfocus.com/archive/1/502271/100/0/threaded
- http://www.securityfocus.com/bid/34306
- http://www.securitytracker.com/id?1021952
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49548
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html
- https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html
- http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.htmlPatch
- http://secunia.com/advisories/34520
- http://secunia.com/advisories/34603
FAQ
What is CVE-2009-0841?
CVE-2009-0841 is a vulnerability with a CVSS score of 10.0 (HIGH). Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files vi...
How severe is CVE-2009-0841?
CVE-2009-0841 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0841?
Check the references section above for vendor advisories and patch information. Affected products include: Osgeo Mapserver, Umn Mapserver.